The present invention relates to secured communications and more particularly to secured communications based on the Secure Socket Layer (SSL) protocol.
In communications between a client and a server, it is often beneficial to provide increased security. One mechanism for providing increased security is through the use of the Secure Socket Layer (SSL) protocol which uses a hybrid public-key system in which public-key cryptography is used to allow a client and a server to securely agree on a secret session key.
FIG. 1 illustrates a conventional SSL connection between a client 10 and a server 12. As seen in FIG. 1, the client 10 communicates directly with the server 12 utilizing the SSL connection 16.
The SSL protocol may provide privacy and integrity between two communicating applications. The SSL protocol typically utilizes two layers, the lowest layer of which is the SSL Record Protocol, which is layered on top of a communications protocol such as TCP/IP. The SSL Record Protocol encapsulates higher level protocols such as the SSL Handshake Protocol. The SSL Handshake Protocol allows the server and client to authenticate each other and to establish an encryption method and keys. The SSL protocol is further described in U.S. Pat. No. 5,657,390 entitled “Secure Socket Layer Application Program Apparatus and Method” which is incorporated herein by reference as if set forth in its entirety.
One advantage of SSL is that it is application protocol independent. A higher level protocol can layer on top of the SSL Protocol transparently. Thus, the SSL protocol provides connection security where encryption is used after an initial handshake to define a secret key for use during a session and where the communication partner's identity can be authenticated using, for example, a well known public certificate issuing authority. Examples of such well known certificate authorities include RSA Data Security, Inc., Verisign™ and EquiFax™.
Authentication is important in establishing the secure connection as it provides a basis for the client to trust that the server (typically identified by its Universal Resource Locator (URL)) is the entity associated with the server public key provided to the client and used to establish the secret session key. As noted above, this authentication may be provided through the use of certificates obtained by the server from one of the well known certificate authorities. The certificate (such as an X.509 certificate) typically includes an identification of the server (such as its hostname), the server's public key, and a digital signature which is provided by the well known certificate authority and which is used by a client receiving the certificate to authenticate the identity of the server before initiating a secured session. In particular, the application on the client initiating the secured communication session, such as a browser, is typically installed with a public key ring including public keys for various of the well known certificate authorities which allow the client to verify server certificates issued by these certificate authorities.
One problem with SSL implementations based on certificates from well known certificate authorities is the cost and administrative burdens associated with obtaining a certificate from one of the well known certificate authorities. This can be particularly problematic for corporate or other networks having a plurality of servers and which may add additional server stations over time as each server typically requires its own certificate before it will be “trusted” by clients.
One option is to rely on a self-signed certificate or a certificate signed by a local certificate authority. However, this typically requires either that a local private key be deployed to all client machines securely (such as through an out of band process) or that the keys be insecurely downloaded during the negotiations establishing an SSL session, thereby potentially reducing the security of the session.
An additional problem with SSL implementations using browsers is that the browser typically does not make its public key ring available to other applications on the client. In addition, browsers typically only support Hypertext Transport Protocol (HTTP) communications. Accordingly, it is often difficult to provide a public key ring to other applications which may desire the use of SSL secured communications which are not based on HTTP.
One solution to the problem of SSL support for non-HTTP sessions is provided by the Host on Demand™ product from International Business Machines Corporation through the SSLight™ Java toolkit. In this application, a public key may be provided for use by an application being downloaded to the client from a Host on Demand server. The public key or key ring may be included in a class file which is included with the application when it is downloaded. Accordingly, if the browser interface between the client and the Host on Demand server is set up as a secured connection, such as an HTTP over SSL (HTTPS) connection, the public key in the class file may be securely transferred. However, a problem with this approach is that the entire application transfer must occur on a secured connection, thereby creating an unnecessary performance disadvantage as there may be no need to secure the remainder of the transfer.
In light of the above discussion, a need exists for improvements in the authentication process for servers under the SSL protocol to address the limitations associated with the use of well known certificate authorities and self-signed certificates.
In view of the above discussion, it is an object of the present invention to provide systems and methods which can allow secure authentication in SSL systems with reduced reliance on well known certificate authorities.
A further object of the present invention is to provide such systems and methods which can support network environments with a plurality of clients and servers which are controlled by a common organization, such as a corporation.
These and other objects of the present invention may be provided by methods, systems and computer program products which allow “bootstrapping” of credentials by a client application using the well known certificate authority SSL capabilities of another installed application, such as a browser. A first secured session is established between the client and a server which has a certificate including a digital signature from a well known certificate authority. For example, an HTTPS session may be established to the server by a browser such as Netscape™ or Internet Explorer™. An additional public key, or public key ring, is then downloaded from the server to the client which may be subsequently used by the client to establish SSL sessions with servers that do not have a certificate from a well known certificate authority.
By using bootstrapping on the secured session to download additional public keys, the present invention allows SSL sessions to be subsequently set up by an application with servers that do not have certificates from a well known certificate authority, thereby possibly avoiding financial and administrative expenses. As an additional advantage, a public key can be downloaded from a server, which may have a certificate from a well known certificate authority, which public key can be provided by the browser to a separate application which supports a variety of communication protocols. This may be advantageous as a browser typically only supports HTTP and typically does not make its public key ring available to other applications residing on the client.
In an embodiment of the present invention, a method is provided for establishing secured communication sessions between a client and a server. A first secured communication session, which is preferably a secured SSL communication session, is established between the client and a first server based on a certificate transmitted from the first server to the client, the first server certificate being supported by a public key ring of the client. Subsequently, at least one public key associated with a second server is transmitted to the client over the first secured SSL communication session wherein the at least one public key is provided separate from any associated application code class files.
In one embodiment of the present invention, the second server is the first server. Furthermore, an HTTPS communication session is established over which the at least one public key is transmitted to the client. Subsequently, a second secured SSL communication session is established between the client and the first server utilizing a communications protocol other than HTTP.
In a further embodiment, the second server is different from the first server. A second secured SSL communication session between the client and the second server is established based on the at least one public key after it is received by the client. In one embodiment, the first secured SSL communication session is an HTTPS session. In a further aspect, a public key ring including the at least one public key associated with the second server and at least one additional public key associated with a third server different from the first server and the second server is transmitted to the client for use in establishing subsequent SSL communication sessions. Different ones of the public keys from the public key ring may be used by the client for SSL communication sessions with respective ones of the servers.
In a further embodiment of the present invention, a method is provided for establishing secured communication sessions including establishing a first secured communication session, which is preferably a secured SSL communication session, between a client and a first server based on a certificate transmitted from the first server to the client, the first server certificate being supported by a public key ring of the client. Subsequently, at least one public key associated with a second server different from the first server is received from the first server over the first secured SSL communication session and a second secured SSL communication session is established between the client and the second server based on the at least one public key. In one embodiment, the at least one public key is not included in the public key ring of the client and the at least one public key is provided separate from any associated application code class files.
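The bootstrapping sequence described above, sketched with Python's standard ssl module as an added example (not code from the patent). It assumes the downloaded key ring is a PEM bundle of certificates carrying the additional public keys, since Python's ssl module trusts certificates rather than bare keys; the function names are illustrative.

```python
import socket
import ssl
import urllib.request


def bootstrap_context() -> ssl.SSLContext:
    """First session: trust only the platform's well-known CA store."""
    return ssl.create_default_context()  # CERT_REQUIRED + hostname check


def fetch_key_ring(url: str) -> str:
    """Download the key ring over the CA-authenticated HTTPS session."""
    if not url.lower().startswith("https://"):
        raise ValueError("key ring must be fetched over HTTPS")
    with urllib.request.urlopen(url, context=bootstrap_context(),
                                timeout=10) as resp:
        # urllib follows redirects; refuse the ring if the final URL is not HTTPS.
        if not resp.geturl().lower().startswith("https://"):
            raise ValueError("redirected off HTTPS while fetching key ring")
        return resp.read().decode("ascii")


def ring_context(ring_pem: str) -> ssl.SSLContext:
    """Later sessions: trust only the downloaded ring, not the public CAs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # starts with an empty store
    ctx.load_verify_locations(cadata=ring_pem)  # ssl.SSLError if no cert found
    return ctx


def open_secured(host: str, port: int, ring_pem: str) -> ssl.SSLSocket:
    """Second session: any TCP protocol, server verified against the ring."""
    ctx = ring_context(ring_pem)  # a bad ring fails before any connection
    raw = socket.create_connection((host, port), timeout=10)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()  # handshake or verification failed: do not leak the socket
        raise
```

Because the second context never loads the default CA store, a server certificate issued by a public CA but absent from the ring is rejected, and so is any server when the ring itself is malformed.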
As will further be appreciated by those of skill in the art, while described above with reference to method aspects, the present invention may be embodied as methods, apparatus/systems and/or computer program products.